[whatwg] Sandboxing ideas

Alexey Feldgendler alexey at feldgendler.ru
Mon May 14 14:11:20 PDT 2007

On Mon, 14 May 2007 22:29:57 +0200, Michel Fortin  
<michel.fortin at michelf.com> wrote:

> I was pointing out a solution for the problem of separate HTTP requests  
> on a forum page. Used in conjunction with some previously-suggested  
> security attributes on <iframe>, it could do a pretty good sandbox for  
> use comments on a page.
> If you want the sandbox to degrade securely in older browsers, then this  
> is not a solution.

Yes, I want the sandbox to degrade securely, as does any webmaster who  
might be going to allow some user-supplied scripting while relying on  
sandboxing for security. To cover its use cases, this feature must degrade  

> But I don't think there's a nice solution to that anyway.

This does degrade securely, doesn't require separate HTTP requests, and  
maintains human readability.

However, I admin that it's not quite “nice” (as in “æsthetics”).

Alexey Feldgendler <alexey at feldgendler.ru>
[ICQ: 115226275] http://feldgendler.livejournal.com

More information about the whatwg mailing list